TIL ANDROID_ID and who comes up with this malicious shit? does GrapheneOS do anything reasonable to fix it?
Conversation
Replying to
On Android 8+, it's based on a secret generated for each profile and made into an app-specific value based on app signing key. Apps can implement their own ANDROID_ID via app-specific external storage directory unless scoped storage is being used which clears that on uninstall.
2
Replying to
The malicious part is that it persists across uninstall. Couldn't the app-specific value just be randomly generated on install rather than derived, with no way for the app to tell you faked it that way?
1
Replying to
It's a bit more complicated than that due to apps with the same signature able to act as a multi-part app. So for example, if you install ExampleKeyboard and ExampleKeyboardTheme signed with the same signature, those have the same ANDROID_ID. We probably don't want to break this.
Replying to
My leaning would be just break it, but you could just randomly generate an ANDROID_ID for each signature (reusing existing one for already-present sig) and delete it when refcnt for that signature reaches zero.
1
Replying to
That's our planned implementation. We just haven't gotten around to it yet. It's possible that we could just set it to a random value on app install without any real world breakage but it would be nice to only make it non-persistent without breaking that part of the defined API.
1
1
Show replies